Add tuya webrtc support

README.md

@@ -679,13 +679,27 @@ Supports connection to [Wyze](https://www.wyze.com/) cameras, using WebRTC proto
 
 Supports [Amazon Kinesis Video Streams](https://aws.amazon.com/kinesis/video-streams/), using WebRTC protocol. You need to specify signalling WebSocket URL with all credentials in query params, `client_id` and `ice_servers` list in [JSON format](https://developer.mozilla.org/en-US/docs/Web/API/RTCIceServer).
 
+
+**tuya**
+
+Supports [Tuya IPC cameras](https://developer.tuya.com/en/docs/iot/webrtc?id=Kacsd4x2hl0se), using WebRTC protocol. To enable, you need to specify following in query parameters:
+- `format`          Set to `tuya` to use Tuya
+- `client_id`       Tuya Cloud Project Access ID/Client ID
+- `client_secret`   Tuya Cloud Project Access Secret/Client Secret
+- `uid`             Tuya linked app UID (referet to [Tuya Procedure step 3](https://developer.tuya.com/en/docs/iot/webrtc?id=Kacsd4x2hl0se#title-4-Prerequisites) for more info)
+- `device_id`       Tuya device ID (you can retreive if from Cloud Project devices page)
+
+URL should be `https://openapi.tuyaeu.com` or other one ([see Tuya docs](https://developer.tuya.com/en/docs/iot/api-request?id=Ka4a8uuo1j4t4#title-1-Endpoints)) depending on your region.
+
+
 ```yaml
 streams:
   webrtc-whep:    webrtc:http://192.168.1.123:1984/api/webrtc?src=camera1
   webrtc-go2rtc:  webrtc:ws://192.168.1.123:1984/api/ws?src=camera1
   webrtc-openipc: webrtc:ws://192.168.1.123/webrtc_ws#format=openipc#ice_servers=[{"urls":"stun:stun.kinesisvideo.eu-north-1.amazonaws.com:443"}]
   webrtc-wyze:    webrtc:http://192.168.1.123:5000/signaling/camera1?kvs#format=wyze
   webrtc-kinesis: webrtc:wss://...amazonaws.com/?...#format=kinesis#client_id=...#ice_servers=[{...},{...}]
+  webrtc-tuya:    webrtc:https://openapi.tuyaeu.com#format=tuya#client_id=...#client_secret=...#uid=...#device_id=...
 ```
 
 **PS.** For `kinesis` sources you can use [echo](#source-echo) to get connection params using `bash`/`python` or any other script language.

go.mod

@@ -4,12 +4,15 @@ go 1.20
 
 require (
 	github.com/asticode/go-astits v1.13.0
+	github.com/eclipse/paho.mqtt.golang v1.5.0
 	github.com/expr-lang/expr v1.16.9
-	github.com/gorilla/websocket v1.5.1
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/websocket v1.5.3
 	github.com/mattn/go-isatty v0.0.20
 	github.com/miekg/dns v1.1.59
 	github.com/pion/ice/v2 v2.3.24
 	github.com/pion/interceptor v0.1.29
+	github.com/pion/logging v0.2.2
 	github.com/pion/rtcp v1.2.14
 	github.com/pion/rtp v1.8.6
 	github.com/pion/sdp/v3 v3.0.9
@@ -21,28 +24,29 @@ require (
 	github.com/sigurn/crc8 v0.0.0-20220107193325-2243fe600f9f
 	github.com/stretchr/testify v1.9.0
 	github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9
-	golang.org/x/crypto v0.24.0
+	github.com/tidwall/gjson v1.17.3
+	golang.org/x/crypto v0.25.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/asticode/go-astikit v0.30.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/google/uuid v1.6.0 // indirect
 	github.com/kr/pretty v0.2.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/pion/datachannel v1.5.6 // indirect
 	github.com/pion/dtls/v2 v2.2.11 // indirect
-	github.com/pion/logging v0.2.2 // indirect
 	github.com/pion/mdns v0.0.12 // indirect
 	github.com/pion/randutil v0.1.0 // indirect
 	github.com/pion/sctp v1.8.16 // indirect
 	github.com/pion/transport/v2 v2.2.5 // indirect
 	github.com/pion/turn/v2 v2.1.6 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
 	golang.org/x/mod v0.18.0 // indirect
-	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/tools v0.22.0 // indirect
 )

go.sum

@@ -6,6 +6,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/eclipse/paho.mqtt.golang v1.5.0 h1:EH+bUVJNgttidWFkLLVKaQPGmkTUfQQqjOsyvMGvD6o=
+github.com/eclipse/paho.mqtt.golang v1.5.0/go.mod h1:du/2qNQVqJf/Sqs4MEL77kR8QTqANF7XU7Fk0aOTAgk=
 github.com/expr-lang/expr v1.16.5 h1:m2hvtguFeVaVNTHj8L7BoAyt7O0PAIBaSVbjdHgRXMs=
 github.com/expr-lang/expr v1.16.5/go.mod h1:uCkhfG+x7fcZ5A5sXHKuQ07jGZRl6J0FCAaf2k4PtVQ=
 github.com/expr-lang/expr v1.16.9 h1:WUAzmR0JNI9JCiF0/ewwHB1gmcGw5wW7nWt8gc6PpCI=
@@ -16,6 +18,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
 github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -106,6 +110,12 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9 h1:aeN+ghOV0b2VCmKKO3gqnDQ8mLbpABZgRR2FVYx4ouI=
 github.com/tadglines/go-pkgs v0.0.0-20210623144937-b983b20f54f9/go.mod h1:roo6cZ/uqpwKMuvPG0YmzI5+AmUiMWfjCBZpGXqbTxE=
+github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94=
+github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
+github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@@ -121,6 +131,8 @@ golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
@@ -144,6 +156,8 @@ golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -172,6 +186,8 @@ golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=

internal/webrtc/client.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/AlexxIT/go2rtc/internal/api/ws"
 	"github.com/AlexxIT/go2rtc/internal/streams"
+	"github.com/AlexxIT/go2rtc/internal/webrtc/tuya"
 	"github.com/AlexxIT/go2rtc/pkg/core"
 	"github.com/AlexxIT/go2rtc/pkg/webrtc"
 	"github.com/gorilla/websocket"
@@ -54,6 +55,8 @@ func streamsHandler(rawURL string) (core.Producer, error) {
 			} else if format == "wyze" {
 				// https://github.com/mrlt8/docker-wyze-bridge
 				return wyzeClient(rawURL)
+			} else if format == "tuya" {
+				return tuya.TuyaClient(rawURL, query)
 			} else {
 				return whepClient(rawURL)
 			}

internal/webrtc/tuya/http.go

@@ -0,0 +1,197 @@
+package tuya
+
+import (
+	"bytes"
+	"crypto/md5"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/tidwall/gjson"
+)
+
+func (t *tuyaSession) makeHttpSign(ts int64) string {
+	// If httpAccessToken is "" then this is un-authed request, so no need to do 'if' here
+	data := fmt.Sprintf("%s%s%s%d", t.config.ClientID, t.httpAccessToken, t.config.Secret, ts)
+	val := md5.Sum([]byte(data))
+	res := fmt.Sprintf("%X", val)
+	return res
+}
+
+func (t *tuyaSession) httpRequest(method string, path string, body io.Reader) (res []byte, err error) {
+	client := &http.Client{
+		Timeout: time.Second * 5,
+	}
+
+	url := fmt.Sprintf("%s%s", t.config.OpenAPIURL, path)
+
+	request, err := http.NewRequest(method, url, body)
+	if err != nil {
+		log.Printf("create http request fail: %s", err.Error())
+
+		return
+	}
+
+	ts := time.Now().UnixNano() / 1000000
+	sign := t.makeHttpSign(ts)
+
+	// TODO: do we need all this headers?
+
+	request.Header.Set("Accept", "*")
+	request.Header.Set("Content-Type", "application/json")
+	request.Header.Set("Access-Control-Allow-Origin", "*")
+	request.Header.Set("Access-Control-Allow-Methods", "*")
+	request.Header.Set("Access-Control-Allow-Headers", "*")
+	request.Header.Set("mode", "no-cors")
+	request.Header.Set("client_id", t.config.ClientID)
+	request.Header.Set("access_token", t.httpAccessToken)
+	request.Header.Set("sign", sign)
+	request.Header.Set("t", strconv.FormatInt(ts, 10))
+
+	response, err := client.Do(request)
+	if err != nil {
+		log.Printf("http request fail: %s", err.Error())
+
+		return
+	}
+	defer response.Body.Close()
+
+	res, err = io.ReadAll(response.Body)
+	if err != nil {
+		log.Printf("read http response fail: %s", err.Error())
+
+		return
+	}
+
+	return
+}
+
+func (t *tuyaSession) Authorize() (err error) {
+	t.httpAccessToken = "" // Clear all access token if present
+
+	body, err := t.httpRequest("GET", "/v1.0/token?grant_type=1", nil)
+	if err != nil {
+		log.Printf("sync OpenAPI ressponse to config fail: %s", err.Error())
+		return
+	}
+
+	accessTokenValue := gjson.GetBytes(body, "result.access_token")
+	if !accessTokenValue.Exists() {
+		log.Printf("access_token not exits in body: %s", string(body))
+		return errors.New("access_token not exist")
+	}
+
+	t.httpAccessToken = accessTokenValue.String()
+
+	return
+}
+
+func (t *tuyaSession) GetMotoIDAndAuth() (motoID, auth, iceServers string, err error) {
+	path := fmt.Sprintf("/v1.0/users/%s/devices/%s/webrtc-configs", t.config.UID, t.config.DeviceID)
+
+	body, err := t.httpRequest("GET", path, nil)
+	if err != nil {
+		log.Printf("GET webrtc-configs fail: %s, body: %s", err.Error(), string((body)))
+
+		return
+	}
+
+	motoIDValue := gjson.GetBytes(body, "result.moto_id")
+	if !motoIDValue.Exists() {
+		log.Printf("moto_id not exist in webrtc-configs, body: %s", string(body))
+
+		return "", "", "", errors.New("moto_id not exist")
+	}
+
+	authValue := gjson.GetBytes(body, "result.auth")
+	if !authValue.Exists() {
+		log.Printf("auth not exist in webrtc-configs, body: %s", string(body))
+
+		return "", "", "", errors.New("auth not exist")
+	}
+
+	iceServersValue := gjson.GetBytes(body, "result.p2p_config.ices")
+	if !iceServersValue.Exists() {
+		log.Printf("iceServers not exist in webrtc-configs, body: %s", string(body))
+
+		return "", "", "", errors.New("p2p_config.ices not exist")
+	}
+
+	var tokens []Token
+	err = json.Unmarshal([]byte(iceServersValue.String()), &tokens)
+	if err != nil {
+		log.Printf("unmarshal to tokens fail: %s", err.Error())
+		return "", "", "", err
+	}
+
+	ices := make([]WebToken, 0)
+	for _, token := range tokens {
+		if strings.HasPrefix(token.Urls, "stun") {
+			ices = append(ices, WebToken{
+				Urls: token.Urls,
+			})
+		} else if strings.HasPrefix(token.Urls, "turn") {
+			ices = append(ices, WebToken{
+				Urls:       token.Urls,
+				Username:   token.Username,
+				Credential: token.Credential,
+			})
+		}
+	}
+
+	iceServersBytes, err := json.Marshal(&ices)
+	if err != nil {
+		log.Printf("marshal token to web tokens fail: %s", err.Error())
+		return "", "", "", err
+	}
+
+	motoID = motoIDValue.String()
+	auth = authValue.String()
+	iceServers = string(iceServersBytes)
+
+	return
+}
+
+func (t *tuyaSession) GetHubConfig() (config *OpenIoTHubConfig, err error) {
+	request := &OpenIoTHubConfigRequest{
+		UID:      t.config.UID,
+		UniqueID: uuid.New().String(),
+		LinkType: "mqtt",
+		Topics:   "ipc",
+	}
+
+	payload, err := json.Marshal(request)
+	if err != nil {
+		log.Printf("marshal OpenIoTHubConfig Request fail: %s", err.Error())
+		return nil, err
+	}
+
+	body, err := t.httpRequest("POST", "/v2.0/open-iot-hub/access/config", bytes.NewReader(payload))
+
+	if err != nil {
+		log.Printf("get OpenIoTHub config from http fail: %s", err.Error())
+		return
+	}
+
+	if !gjson.GetBytes(body, "success").Bool() {
+		log.Printf("request OpenIoTHub Config fail, body: %s", string(body))
+		return nil, errors.New("request hub config fail")
+	}
+
+	config = &OpenIoTHubConfig{}
+
+	err = json.Unmarshal([]byte(gjson.GetBytes(body, "result").String()), config)
+	if err != nil {
+		log.Printf("unmarshal OpenIoTHub config to object fail: %s, body: %s", err.Error(), string(body))
+		return
+	}
+
+	return
+}